Digital signature system based on a cloud of dedicated local devices

ABSTRACT

Method and apparatus are disclosed for attack tolerant implementations of public key digital signatures based on a cloud of dedicated local devices. A system includes a first security device, a second security device, and a computing device remote from the first and second security devices. The first security device stores a first private key and, in response to receiving a message, generates a first signature based on a message received from the computing device and the first private key. The second security device stores a second private key that is independent from the first private key and, in response to receiving a message, generates a second signature based on a message received from the computing device and the first private key. The computing device generates a composite cryptographic signature based on the first signature and the second signature.

TECHNICAL FIELD

The present disclosure generally relates to secure electronic communication and electronic commerce and, more specifically, attack tolerant implementations of public key digital signatures based on a cloud of dedicated local devices.

BACKGROUND

Increasingly, documents are being signed digitally. Digital signatures employ systems that (a) authenticates a person signing the document is who they say they are when they sign and (b) validates that a signed document is authentic. In this manner, a person who is relying on the document can be certain that the document is authentic and the person who signed the document cannot deny that they signed it. These digital signature systems often use asymmetric cryptography which rely on a secret private key and a non-secret public key associated with an individual. To forge a signature, a malicious actor needs to obtain the secret key or spend the computational cost (if possible) of breaking the signature scheme (i.e. signing a message without having the private key). Attack tolerance to a digital signature system can be classified into mathematical tolerance (e.g., the ability to forge a digital signature by breaking the signature mathematically) or physical tolerance (e.g., tampering with a physical device to forge a signature). Generally, it is harder to improve physical tolerance.

SUMMARY

The appended claims define this application. The present disclosure summarizes aspects of the embodiments and should not be used to limit the claims. Other implementations are contemplated in accordance with the techniques described herein, as will be apparent to one having ordinary skill in the art upon examination of the following drawings and detailed description, and these implementations are intended to be within the scope of this application.

An example system for generating a digital signature includes a first security device, a second security device, and a computing device remote from the first and second security devices. The first security device stores a first private key, and in response to receiving a message, generates a first signature based on a message received from the computing device and the first private key. The second security device stores a second private key that was independently generated from the first private key and, in response to receiving the message, generates a second signature based on the message and the second private key. The computing device, in response to receiving a request for the digital signature, sends the message to the first security device and the second security device. The computing device also, in responses to receiving the first signature and the second signature, generates a composite cryptographic signature based on the first signature and the second signature. Additionally, the computing device appends the composite cryptographic signature to a digital document.

In some example embodiments, the first security device, before generating the first signature, authenticates the signer based on a first input to the first security device. Additionally, the second security device, before generating the second signature, authenticates the signer based on a second input to the second security device.

In some example embodiments, the first input is a different type of input than the second input

In some example embodiments, the first security device generates the first private key and a first public key including a first public modulus. The second security device generates the second private key and a second public key including a second public modulus.

In some example embodiments, the computing device generates the composite cryptographic signature further based on the first public module and the second public modulus.

In some example embodiments, the computing device does not store a private key used to generate the composite cryptographic signature.

In some example embodiments, the first security device and the second security device each are communicatively coupled to the computing device.

In some example embodiments, the first security device is communicatively coupled to the computer device, and the second security device is communicatively coupled to the first security device.

BRIEF DESCRIPTION OF THE DRAWINGS

For a better understanding of the invention, reference may be made to embodiments shown in the following drawings. The components in the drawings are not necessarily to scale and related elements may be omitted, or in some instances proportions may have been exaggerated, so as to emphasize and clearly illustrate the novel features described herein. In addition, system components can be variously arranged, as known in the art. Further, in the drawings, like reference numerals designate corresponding parts throughout the several views.

FIG. 1A illustrates a system that employs traditional asymmetric cryptography using a single private key.

FIG. 1B illustrates a system that employs split-key asymmetric cryptography that uses multiple private key shares are that dependent on a single private key.

FIG. 2 illustrates a system that employs composite-key key asymmetric cryptography that uses multiple private keys that are independent of each other.

FIG. 3 illustrates a secure device implementing a device-side portion of the composite-key asymmetric cryptography of FIG. 2.

FIG. 4 is a block diagram of electronic components of the secure device of FIG. 3.

FIGS. 5 and 6 illustrate systems implementing the composite-key asymmetric cryptography of FIG. 2 using multiple secure devices of FIGS. 3 and 4 and a computing device.

FIG. 7 is a flowchart of a method to sign a document using the composite-key asymmetric cryptography of FIG. 2, which may be implemented by the secure devices of FIGS. 3, 4, 5 and 6 and the computing device of FIGS. 5 and 6.

DETAILED DESCRIPTION OF EXAMPLE EMBODIMENTS

While the invention may be embodied in various forms, there are shown in the drawings, and will hereinafter be described, some exemplary and non-limiting embodiments, with the understanding that the present disclosure is to be considered an exemplification of the invention and is not intended to limit the invention to the specific embodiments illustrated.

A common asymmetric cryptography system (sometimes referred to as a “public key cryptosystem”) used for digital signatures is Rivest-Shamir-Adleman (RSA). As illustrated in FIG. 1A, the RSA cryptosystem uses four functions. The first function is a Private Key Generation function (ƒ₁), which generates a private key 102 based on two distinct prime numbers p and q. The integers p and q are randomly chosen and are kept secret. The second function is a Public Key Generation function (ƒ₂) which generates a public key 104 based on the two prime numbers p and q. The public key 104 consists of a public modulus (n) and a public exponent (e). The public modulus (n) is calculated in accordance with Equation 1 below. The public exponent (e) is selected such that Equation 2 below is true.

n=pq   Equation 1

gcd(p−1,e)=gcd(q−1,e)   Equation 2

In equation 2 above, gcd is the greatest common divisor function that returns the largest positive integer that divides each of the inputs. The RSA cryptosystem uses a third function (ƒ₃) to sign a message (m) 106 with the private key 102, where m∈

_(n) ={0, . . . , n−1}. The RSA cryptosystem uses a private exponent (d) to calculate the signature 108 of the message (m) 106. The private exponent (d) is calculated in accordance with Equation 3 below.

$\begin{matrix} {d = {\frac{1}{e}{{mod}\ \left( {p - 1} \right)}\left( {q - 1} \right)}} & {{Equation}\mspace{14mu} 3} \end{matrix}$

The signature 108 of the message (m) 106 is σ(m), which is calculated in accordance with Equation 4 below.

σ(m)=m ^(d) mod n   Equation 4

To verified a received signature (σ) 108 and an accompanying message (m) 106, the RSA cryptosystem uses a fourth function (ƒ₄) based on the public modulus (n) and the public exponent (e). The signature (θ) 108 is verified when Equation 5 below is true.

σ^(e)mod n=m   Equation 5

Secure implementation of a signature scheme based on RSA requires that a signer (e.g., a person or group of persons) has sole control of functions ƒ₁, ƒ₂, and θ₃ within a security parimeter. Typically, a device implementing the RSA signature scheme: (a) executes ƒ₁ and ƒ₂ only once in a lifetime of the device; and (b) assures that only the authorized signer can execute function ƒ₃. The private key (e.g., the private key 102) must never leave the device. The device must always be capable of reliably authenticating the signer before executing ƒ₃. Thus, the security device requires, within the security perimeter, (a) computational power to computer the functions, (b) memory to store the keys, (c) input/output (I/O) devices, and (d) an authentication solution. The security perimeter may consist of separate electronics that each implement a partial functionality. For example, the key generating functions ƒ₁ and ƒ₂ may be implemented by one set of electronics, and the signing function ƒ₃ may be implemented is a separate set of electronics.

The cryptographic attack tolerance of a signature scheme (such as the RSA cryptosystem described above) is defined in terms of computational complexity theory and has mathematical and physical components. The measure of mathematical attack tolerance takes into account the computational resources (number of steps, memory in bits, program size, etc.) that is necessary to break the scheme (i.e., sign a message without having access to the private key). The computational cost of breaking the scheme is expressed as a security level. The security level is usually expressed in “bits.” “N-bit security” means that the malicious actor would have to perform 2^(N) operations to break the scheme. For example, a signing scheme may have 128-bit or 256-bit security. The monetary cost of breaking the scheme is considered proportional with the computational cost. Physical attack tolerance of a security device refers to the cost of forging a signature without breaking the signature scheme mathematically (e.g., tampering with the security device).

The mathematical and physical attack tolerance required for a signing scheme are derived from risk analysis and takes into account the application in which the signature solution is being used. Often, the physical design of security devices are a weakness in an RSA-based signing scheme. One approach to increasing physical attack tolerance is to require cooperation between multiple devices. In such an approach, a signature key (e.g., a master private key) is shared between several security devices. As such, a signature can only be created when the security devices cooperate. Attacking one device (e.g., physically tampering with one device, uncovering the portion of the master private key on one device, etc.) is insufficient to forge signatures.

One such approach is illustrated in FIG. 1B. In FIG. 1B, a master private key 110 is split into two private key shares 112 and 114 (sometimes referred to as a Split-Key signing scheme). The master private key 110 is generated by a trusted dealer 116 who splits the master private key 110 with function ƒ₁₀ to create a first private key share (d′) 112 and a second private key share (d″) 114. The trusted dealer 116 may split the master private key 110 for additive sharing or for multiplicative sharing. FIG. 1B illustrates the trusted dealer 116 splitting the master private key 110 for additive sharing. When splitting for additive sharing, the trusted dealer 116 uses ƒ₁₀ to derive the first private key share (d′) 112 and the second private key share (d″) 114 based on the private exponent (d) of the master private key 110 in accordance to Equation 6 below.

d ≡d′+d″(modφ(n))   Equation 6

When splitting for multiplicative sharing, the trusted dealer 116 uses ƒ₁₀ to derive the first private key share (d′) 112 and the second private key share (d″) 114 in accordance to Equation 7 below.

d ≡d′d″(modφ(n))   Equation 7

The trusted dealer 116 transmits the first private key share (d′) 112 to a first security device 118 and the second private key share (d″) to a second security device 120. When generating a signature, the security devices 118 and 120 perform function ƒ₃ with their respective private key shares to generate a first signature share (σ′) 122 and a second signature share (σ″) 124. The signature (σ) 108 is generated with the first signature share (a′ 122 and the second signature share (σ″) 124 with function ƒ₁₁. For additive sharing, function ƒ₁₁ is calculated in accordance with Equation 8 below.

σ=σ′·σ″ mod n=m ^(d′+d″)mod n   Equation 8

For multiplicative sharing, function ƒ₁₁ is calculated in accordance with Equation 9 below.

σ=σ″(σ′(m))=m ^(d′d″) mod n   Equation 9

The generated signature 108 is used as describe above with the traditional RSA signing scheme.

In some examples, one of the private key shares is held by a mobile device (e.g., a smartphone) and the other private key share is held by a server cooperating in the signing scheme. The Split-Key signing scheme often requires a trusted dealer to split a master private key 110 into the signature shares 112 and 114 and then securely transmitting the signature shares 112 and 114 to the security devices. This introduces a third party. However, parties that act as the trusted dealer may be, in some circumstances, untrustworthy dealers that abuse their power to forge users' signatures. Additionally, trusted dealers become a single point of failure in the signing scheme. If a trusted dealer is compromised, all the master private keys it holds or generates are also compromised. To overcome this shortcoming, the distributed generation of shares is used, where the first signature share (94 ′) 122 and the second signature share (σ″) 124 and the common public key 104 are generated as the outcome of a multi-party cryptographic protocol (e.g., the multi-party cryptographic protocol Π) in which the master private key 110 never exists as a whole. However, Split Key implementations are very costly and inefficient compared the conventional RSA implementations.

As described in more detail below, signature generation using cooperation between multiple devices can be implemented with a physical attack tolerance greater than the conventional RSA signer scheme without the computational inefficiency of a Split Key signing scheme (e.g., with the multi-party cryptographic protocol) or the issues surrounding using a trusted dealer. In the system described below, instead of generating a set of signature shares dependent on either a master private key or a multi-party cryptographic protocol, a composite signature can be composed from individually generated signatures that are based on independently generated private keys. This is sometimes referred to as a Comp Key scheme. As used herein, an independently generated private key is a private key that was not generated using any master private key or multi-party cryptographic protocol (e.g., as opposed to the private key shares of the Split Key signing scheme).

The system includes two or more security devices each storing an independently generated private key that is associated with its own public key. The security devices may be any portable electronic device that is capable of (a) securely storing the independently generated private key, (b) receiving an input from a signer, (c) reliably authenticating the identity of the signer based on that input, (d) receiving a message to generate a signature, (e) generating the signature with the independently generated private key and the message, and (f) transmitting the signature to a computing device (e.g., a server, etc.) requesting the signature. In some examples, the security devices may be smartphones, smart watches, tablet computers, jewelry with embedded electronics (e.g., bracelets, rings, broaches, etc.), smart cards (e.g., a credit card, an identification card, etc.), and/or an electronic hanko, etc. In some examples, each security device is configured to physically receive an input (e.g., a biometric identifier such as a fingerprint, a password, etc.) from the signer independently from any other security device. In some examples, each security device communicates with computing device (e.g., via a wireless connection to the Internet, etc.). Alternatively, in some examples, one of the security devices acts as a primary device that communicates with the computing device (e.g., via a wireless connection to the Internet, etc.) while other security devices communicate with the primary device via a local area network (e.g., a wireless local area network, a Bluetooth® Low Energy connection, etc.) to communicate with the computing device.

The computing device receives the signatures from the security devices. The computing device generates a composite signature and then uses the composite signature to sign a digital document (e.g., a contract, an acceptance of a website's terms of service, a legal document, etc.). To verify a previously signed document, the computing device retrieves the public keys associated with the security devices and generates a composite public key. Using the composite public key, the computing device verifies whether the signature on a digital document is authentic.

Increasing physical attack resistance is more difficult than increasing mathematical attack resistance. There is a need for signing schemes that have an increased physical attack tolerance. Currently approaches do not increase physical attach resistance. While a Comp Key signing scheme has a lower mathematical resistance than the corresponding conventional RSA signing scheme (e.g., if an RSA implementation has a k-bit public modulus (n) and l-bit security, the composite signature will have a bit security less than l despite having a 2 k-bit public modulus), the composite signature is only compromised through a physical attack if all of the security devices used to generate that composite signature are compromised. The mathematical attack resistance of the Comp Key signing scheme can be increased by increasing the bit length of the public modulus (n) (e.g., a 256-bit public modulus (n), a 2048-bit public modulus (n), etc.). Using the system described below that employs at least two security devices with independently generated private keys, the physical attack resistance of the signing scheme increases.

FIG. 2 illustrates a system that employs composite-key key asymmetric cryptography that uses multiple private keys that are independent of each other. FIG. 2 illustrates a Comp Key signing scheme using a first security device 202 and a second security device 204 (e.g., security devices 300 as shown in FIGS. 3 and 4 below). The security devices 202 and 204 each independently generate a private key 206 and 208 using function f (as described above). Additionally, the security devices 202 and 204 each generate a public key 210 and 210 with a public modulus (n) (e.g., calculated in accordance with Equation 1 above) and a public exponent (e) (e.g., determined in accordance with Equation 2 above). The public keys 210 and 212 are transmitted to a remote computing device stored in a public key database associated with the corresponding security device. When the security devices 202 and 204 receive a message 214 to use to generate a signature, after the security devices each independently authenticate the signer, the security devices 202 and 204 use function ƒ₃ (as described above) to each independently generate a signature 216 and 218.

To sign a digital document, a composite signature 220 is generated from the first signature (σ₁) 216 and the second signature (σ₂) 218. In the illustrated example, the composite signature (σ_(C)) 220 is generated with function ƒ₆ in accordance with Equation 10 below.

σ_(C)=(bn ₁σ₁ +an ₂σ₂)mod(n ₁ n ₂)   Equation 10

In Equation 10 above, n₁ is the public modulus of the first public key 210 and n₂ is the public modulus of the second public key 212. Additionally, the coefficients a and b satisfy an₁+bn₂=1. The composite signature (σ_(C)) 220 is appended to the digital document.

To verify as signed document, the composite public modulus (n_(C)) of the composite public key 222 is calculated using function ƒ₅ in accordance with Equation 11 below. The composite public modulus (n_(C)) of the composite public key 222 is based on the public modulus (n₁) of the first public key 210 and the second public modulus (n₂) of the second public key 212.

n _(c) =n ₁ n ₂   Equation 11

Using the composite public key 222 (<n_(C), e>) and the message 214, the signature (σ_(S)) associated with the signed digital document is verified with function ƒ₄ (as described above).

FIG. 3 illustrates a secure device 300 implementing a device-side portion of the Comp Key signing scheme of FIG. 2. The security device 300 implements the functions ƒ₁, ƒ₂, and ƒ₃. The security device 300 includes a control interface 302 and a input/output (I/O) interface 304. The control interface 302 receives input from a signer 306 to authenticate the identity of the signer 306 before the security device 300 generates the signature 308. The I/O interface 304 communicates directly or indirectly with a computing device (e.g., the computing device 502 of FIGS. 5 and 6 below) to transmit the signature 308 and the public key 310, and receive the message 312 used to generate the signature 308.

FIG. 4 is a block diagram of electronic components 400 of the secure device of FIG. 3. In the illustrated example, the electronic components 400 include the control interface 302, the I/O interface 304, a processor or controller 402, and memory 404, and a data bus 406 that connects the other electronic components.

The control interface 302 provides a physical interface between the security device 300 and the signer 306. The control interface 302 may include a digital camera (e.g., for image capture, visual command recognition, facial recognition, iris recognition, etc.), a touch screen and/or keyboard (e.g., for input of credentials), an audio input device (e.g., a microphone for voice recognition, etc.), a biometric input device (e.g., a fingerprint scanner, etc.) and/or a biometric sensor (e.g., a pulse oximeter, a pulse sensor, etc.). For example, the control interface 302 may include the touch screen and fingerprint identity sensor of a smart phone. The input from the signer 306 to the control interface 302 is used to authenticate the identity of the signer 206. In some examples, more than one method of identifying and authenticating the signer 306 is included. For example, the signer may need to provide both a fingerprint and a password. In some examples, the control interface 302 may be different between two cooperating security devices 300. For example, one security device 300 may have a camera to perform facial recognition and the other security device 300 may have a fingerprint scanner.

The I/O interface 304 provides an interface to communicate with other devices to transmit the public key 310 and the signature 308 and receive the message 312. The I/O interface 304 includes communication controllers and antenna for one or more for standards-based networks (e.g., Global System for Mobile Communications (GSM), Universal Mobile Telecommunications System (UMTS), Long Term Evolution (LTE), Code Division Multiple Access (CDMA), WiMAX (IEEE 802.16m); Near Field Communication (NFC); local area wireless network (including IEEE 802.11 a/b/g/n/ac or others), Bluetooth® and Bluetooth® Low Energy, and Wireless Gigabit (IEEE 802.11ad), etc.). The I/O interface 304 directly or indirectly (e.g., via anther security device 300) communicates with an external network. The external network may be a public network, such as the Internet; a private network, such as an intranet; or combinations thereof, and may utilize a variety of networking protocols now available or later developed including, but not limited to, TCP/IP-based networking protocols.

The processor or controller 402 may be any suitable processing device or set of processing devices such as, but not limited to: a microprocessor, a microcontroller-based platform, a suitable integrated circuit, one or more field programmable gate arrays (FPGAs), and/or one or more application-specific integrated circuits (ASICs). The memory 404 may be volatile memory, non-volatile memory, unalterable memory, read-only memory, and/or high-capacity storage devices (e.g., hard drives, solid state drives, etc). In some examples, the memory 404 includes multiple kinds of memory, particularly volatile memory and non-volatile memory. Additionally, the memory 404 may include secure memory (sometimes referred to as “cryptomemory”) which includes an embedded hardware encryption engine with its own authentication keys to securely store information.

FIGS. 5 and 6 illustrate systems implementing the Comp Key signing scheme of FIG. 2 using multiple security devices 300 of FIGS. 3 and 4 and a computing device 502. In FIG. 5, the security devices 300 communicate directly with the computing device 502. In FIG. 6, one of the security devices 300 communicates directly with the computing device 502 and the other security devices communicate indirectly with the computing device 502 via the directly connected security device 300. In the illustrated examples of FIGS. 5 and 6, (a) the security devices 300 are co-located and accessible to the signer 306, and (b) the computing device 502 is remote (e.g., is geographically removed from and is communicatively coupled to the security devices via an external network, such as the Internet). As described in FIG. 3 above, the security devices 300 implement functions ƒ₁, ƒ₂, and ƒ₃. As illustrated in FIGS. 5 and 6, the computing device 502 implements functions f₄, ƒ₅, and ƒ₆.

As an initial setup, the security devices 300 use function f to independently generate their respective private keys (e.g. the private keys 206 and 208 of FIG. 2 above) and function ƒ₂ to generate their respective public keys 210 and 212. The public keys 210 and 212 are transmitted, via the I/O interface 304, to the computing device 502. A combiner 504 within the computing device 502 implements the function ƒ₅ to combine the public keys 210 and 212 into a composite public key 222 and stored composite public key 222 in association with identifiers associated with the security devices 300 in a public key database (PKDB) 506. Alternatively, in some example, the computing device stores the public keys 210 and 212 with identifiers associated with the security devices 300 and performs function ƒ₅ when the composite public key 222 is needed.

When a digital document is to be signed, the computing device 502 sends a message (e.g., the message 214 of FIG. 2 above) to the security devices 300. The message may be an original message (e.g., the digital document to be signed) or a message digest computed from the original message by applying a cryptographic hash function (e.g., SHA-256, etc.) to the original message. Using the message and their respective private keys 206 and 208, the security devices 300 each generate a signature (e.g., the signatures 216 and 216 of FIG. 2 above) using function ƒ₃. The security devices 300 transmit the signatures 216 and 218 to the computing device 502. The combiner 508 implements function ƒ₆ to combine the signatures 216 and 218 into a composite signature 220. The message and the composite signature 220 are appended to the document to be signed.

In the illustrated examples of FIGS. 5 and 6, the combiner 504 and the validator 508 represent different security perimeters within the computing device 502 that are executed on different controllers or processors. Alternatively, in some examples, the combiner 504 and the validator 508 may be executing within the same security perimeter within the computing device 502.

When a signed digital document is to be verified, a validator 506 within the computing device 502 implements function ƒ₄ with the composite public key 510, the message, and the composite signature 220 appended to the digital document.

FIG. 7 is a flowchart of a method to sign a digital document using the composite-key asymmetric cryptography of FIG. 2, which may be implemented by the secure devices 300 of FIGS. 3, 4, 5 and 6 and the computing device 502 of FIGS. 5 and 6. The method may be perform when, for example, the computing device 502 receives a request to sign a digital document. Initially, at block 702, a first security device (e.g., a security device 300 of FIGS. 3 and 4 above) receives an input (e.g., via the control interface 302) from the signer 306 and a message (e.g., via the I/O interface 304). The input is used to authenticate the identity of the signer 306. For example, the input may be a fingerprint or a password. At block 704, a second security device (e.g., a security device 300 of FIGS. 3 and 4 above) receives an input (e.g., via the control interface 302) from the signer 306 and a message (e.g., via the I/O interface 304). At block 706, the first security device uses the input to authenticate the signer 306. At block 708, the second security device uses the input to authenticate the signer 306. At block 710, the method ends when the authentication is not successful. Otherwise, the method continues to bock 714. At block 712, the method ends when the authentication is not successful. Otherwise, the method continues to bock 716.

At block 714, the first security device computes a first signature based on its independent private key. At block 716, the first security device computes a second signature based on its independent private key. At block 718, the first security device transmits the first signature to the computing device 502. At block 720, the second security device transmits the second signature to the computing device 502. At block 722, the computing device generates a composite signature using the first and second signatures. At block 724, the computing device 502 appends the composite signature to the digital document.

In this application, the use of disjunctive is intended to include the conjunctive. The use of definite or indefinite articles is not intended to indicate cardinality. In particular, a reference to “the” object or “a” and “an” object is intended to denote also one of a possible plurality of such objects. Further, the conjunction “or” may be used to convey features that are simultaneously present instead of mutually exclusive alternatives. In other words, the conjunction “or” should be understood to include “and/or”. As used here, the terms “module” and “unit” refer to hardware with circuitry to provide communication, control and/or monitoring capabilities, often in conjunction with sensors. “Modules” and “units” may also include firmware that executes on the circuitry. The terms “includes,” “including,” and “include” are inclusive and have the same scope as “comprises,” “comprising,” and “comprise” respectively.

The above-described embodiments, and particularly any “preferred” embodiments, are possible examples of implementations and merely set forth for a clear understanding of the principles of the invention. Many variations and modifications may be made to the above-described embodiment(s) without substantially departing from the spirit and principles of the techniques described herein. All modifications are intended to be included herein within the scope of this disclosure and protected by the following claims. 

What is claimed is:
 1. A system for generating a digital signature comprising: a first security device storing a first private key, the first security device configured to, in response to receiving a message, generate a first signature based on the message and the first private key; a second security device storing a second private key independently generated from the first private key, the second security device configured to, in response to receiving the message, generate a second signature based on the message and the second private key; and a computing device remote from the first security device and the second security device, the computing device configured to: responsive to receiving a request for the digital signature, send the message to the first security device and the second security device; responsive to receiving the first signature and the second signature, generate a composite cryptographic signature based on the first signature and the second signature; and append the composite cryptographic signature to a digital document.
 2. The system of claim 1, wherein: the first security device is additionally configured to, before generating the first signature, authenticate the signer based on a first input to the first security device; and the second security device is additionally configured to, before generating the second signature, authenticate the signer based on a second input to the second security device.
 3. The system of claim 2, wherein the first input is a different type of input than the second input.
 4. The system of claim 1, wherein: the first security device is additionally configured to generate the first private key and a first public key including a first public modulus; and the second security device is additionally configured to generate the second private key and a second public key including a second public modulus.
 5. The system of claim 4, wherein the computing device is configured to generate the composite cryptographic signature further based on the first public modulus and the second public modulus.
 6. The system of claim 1, wherein the computing device does not store a private key used to generate the composite cryptographic signature.
 7. The system of claim 1, wherein the first security device and the second security device are communicatively coupled to the computing device.
 8. The system of claim 1, wherein the first security device is communicatively coupled to the computer device, and the second security device is communicatively coupled to the first security device.
 9. A method to generate a digital signature comprising: by a first security device: generating and storing a first private key; in response to receiving a message, generating a first signature based on the message and the first private key; by a second security device: generating and storing a second private key that is independent from the first private key; in response to receiving the message, generating a second signature based on the message and the second private key; by a computing device remote from the first security device and the second security device: responsive to receiving a request for the digital signature, sending the message to the first security device and the second security device; responsive to receiving the first signature and the second signature, generating a composite cryptographic signature based on the first signature and the second signature; and appending the composite cryptographic signature to a digital document.
 10. The method of claim 9, wherein: before generating the first signature, authenticating, by the first security device, the signer based on a first input to the first security device; and before generating the second signature, authenticating, by the second security device, the signer based on a second input to the second security device.
 11. The method of claim 10, wherein the first input is a different type of input than the second input.
 12. The method of claim 9, further including: generating, by a the first security device, a first public key including a first public modulus; and generating, by the second security device, a second public key including a second public modulus.
 13. The method of claim 12, further including generating, by the computing device, the composite cryptographic signature further based on the first public modulus and the second public modulus.
 14. The method of claim 9, wherein the computing device does not store a private key used to generate the composite cryptographic signature.
 15. The method of claim 9, wherein the first security device and the second security device are each communicatively coupled to the computing device. 